Andrzej Kurek
6608096544
Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:28:08 -04:00
Mohammad Azim Khan
0acbd7df03
Same ciphersuite validation in server and client hello
2018-04-20 19:58:37 +01:00
Manuel Pégourié-Gonnard
8bce3685f5
Merge remote-tracking branch 'restricted/pr/468' into mbedtls-2.7-restricted-proposed
* restricted/pr/468:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:21:36 +02:00
Manuel Pégourié-Gonnard
4a9236efce
Merge remote-tracking branch 'public/pr/1234' into mbedtls-2.7-proposed
* public/pr/1234:
  Doxygen: don't traverse symbolic links
2018-04-18 12:04:51 +02:00
Krzysztof Stachowiak
affb4f8e90
Improve comments style
2018-04-10 13:43:23 +02:00
Krzysztof Stachowiak
5ca4c5a15d
Remove a redundant test
2018-04-10 13:43:17 +02:00
Krzysztof Stachowiak
314f16136f
Add buffer size check before cert_type_len read
2018-04-10 13:43:10 +02:00
Krzysztof Stachowiak
7da5088289
Update change log
2018-04-04 13:47:40 +02:00
Krzysztof Stachowiak
071f9a3e47
Add a missing buffer size check
2018-04-04 13:44:04 +02:00
Krzysztof Stachowiak
3d8663b4f9
Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off-by-one error.
2018-04-04 13:43:00 +02:00
Gilles Peskine
be97c9cc85
Merge remote-tracking branch 'upstream-public/pr/1552' into mbedtls-2.7-proposed
2018-04-04 10:31:42 +02:00
Gilles Peskine
1852d66a24
Align ChangeLog entry for PR #1401 with development
2018-04-04 10:19:24 +02:00
Jaeden Amero
33be84f679
Merge remote-tracking branch 'upstream-public/pr/1502' into mbedtls-2.7-proposed
2018-04-03 19:16:12 +01:00
Jaeden Amero
15cdc5ec7b
Merge remote-tracking branch 'upstream-public/pr/1458' into mbedtls-2.7-proposed
2018-04-03 18:28:46 +01:00
Jaeden Amero
d8e0cec63b
Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed
2018-04-03 18:27:54 +01:00
Azim Khan
03da121663
Enable SSL test scripts to dump logs on stdout
2018-04-03 17:58:35 +01:00
Jaeden Amero
b5f53b1039
Merge remote-tracking branch 'upstream-public/pr/1401' into mbedtls-2.7-proposed
2018-04-03 12:09:45 +01:00
Jaeden Amero
e7dc46240d
Merge remote-tracking branch 'upstream-public/pr/1543' into mbedtls-2.7-proposed
2018-04-03 12:03:30 +01:00
Andrzej Kurek
ffaee0952c
pk_sign: added stdlib include
2018-04-03 04:36:52 -04:00
Andrzej Kurek
350e4dc6df
pk_sign: adjust return values
2018-04-03 04:04:36 -04:00
mohammad1603
29ed80f79f
Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:34:26 -07:00
Gilles Peskine
595c84a7b1
Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed
2018-04-01 12:41:29 +02:00
Gilles Peskine
27d88212c9
Merge remote-tracking branch 'upstream-public/pr/1541' into mbedtls-2.7-proposed
2018-04-01 12:40:51 +02:00
Gilles Peskine
a0e03a81a7
Merge branch 'pr_1538' into mbedtls-2.7-proposed
2018-04-01 12:35:50 +02:00
Gilles Peskine
ab50464f42
Minor changelog improvement
2018-04-01 12:32:37 +02:00
Gilles Peskine
f3df741d8f
Add ChangeLog entry to credit independent contribution
Also: fixes #1437
2018-03-31 23:05:14 +02:00
Gilles Peskine
cc78ac46e7
Update error.c
2018-03-30 18:52:10 +02:00
Gilles Peskine
5114d3e4e1
Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Darryl Green
28448b267f
Improve documentation of mbedtls_ssl_write()
2018-03-29 16:51:16 +01:00
Andrzej Kurek
a6f0957a42
Move changelog entry to bugfix from changes
2018-03-29 08:45:57 -04:00
Andrzej Kurek
a24adde168
Add tests for "return plaintext data faster on unpadded decryption"
2018-03-29 08:43:30 -04:00
Andy Leiserson
38a29ee5d0
return plaintext data faster on unpadded decryption
2018-03-29 08:39:55 -04:00
Jaeden Amero
0c692cda8b
Merge remote-tracking branch 'upstream-public/pr/758' into mbedtls-2.7-proposed
2018-03-29 11:02:52 +01:00
Jaeden Amero
38e37bdd56
Merge remote-tracking branch 'upstream-public/pr/1529' into mbedtls-2.7-proposed
2018-03-29 11:00:09 +01:00
Jaeden Amero
844dcb38c8
Merge remote-tracking branch 'upstream-public/pr/1134' into mbedtls-2.7-proposed
Fixes #504 and fixes #1057 for the 2.7 branch
2018-03-29 10:54:25 +01:00
mohammad1603
44a6a688c8
Check the scenario where INT_MAX is larger than SIZE_MAX
2018-03-28 23:45:33 -07:00
Jaeden Amero
5166a188eb
Merge remote-tracking branch 'upstream-public/pr/1468' into mbedtls-2.7-proposed
2018-03-28 15:36:36 +01:00
Jaeden Amero
0d891042d1
Merge remote-tracking branch 'upstream-public/pr/1524' into mbedtls-2.7-proposed
2018-03-28 15:33:45 +01:00
Jaeden Amero
ef59b732c2
Merge remote-tracking branch 'upstream-public/pr/1479' into mbedtls-2.7-proposed
2018-03-28 14:21:19 +01:00
Ivan Krylov
065ecf587f
Changelog: use my real name (#758)
2018-03-28 16:19:18 +03:00
Jaeden Amero
1019a6b44d
Merge remote-tracking branch 'upstream-public/pr/1526' into mbedtls-2.7-proposed
Fixes #1299, fixes #1475 for the 2.7 branch
2018-03-28 12:52:59 +01:00
Jethro Beekman
004e37117c
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
    PrivateKeyInfo ::= SEQUENCE {
        version              Version,
        privateKeyAlgorithm  PrivateKeyAlgorithmIdentifier,
        privateKey           PrivateKey,
        attributes       [0] IMPLICIT Attributes OPTIONAL
    }

    AlgorithmIdentifier ::= SEQUENCE {
        algorithm   OBJECT IDENTIFIER,
        parameters  ANY DEFINED BY algorithm OPTIONAL
    }

    ECParameters ::= CHOICE {
        namedCurve  OBJECT IDENTIFIER
        -- implicitCurve   NULL
        -- specifiedCurve  SpecifiedECDomain
    }

    ECPrivateKey ::= SEQUENCE {
        version     INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
        privateKey  OCTET STRING,
        parameters  [0] ECParameters {{ NamedCurve }} OPTIONAL,
        publicKey   [1] BIT STRING OPTIONAL
    }
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-28 11:29:21 +02:00
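The four optional-field variants described in the commit message above, worked through as an added example. This is not mbedTLS code and not the author's patch: it is a small, bounds-checked DER walk over an RFC 5915 ECPrivateKey that accepts "no optional fields", "only parameters", "only public key" and "both", plus a tiny encoder used only to construct test inputs. The OID constant is the standard secp256r1 identifier; the private scalar and public point bytes are constructed placeholders, not a real key.

```python
# Added example (not mbedTLS code): a minimal DER walk over an RFC 5915
# ECPrivateKey that accepts all four optional-field variants named in the
# commit message, plus a small encoder used only to construct test inputs.


def _der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    """Wrap body in a DER tag/length/value triple."""
    return bytes([tag]) + _der_len(len(body)) + body


def read_tlv(buf, pos):
    """Read one TLV at buf[pos]; return (tag, value, next_pos).

    Every read is bounds-checked against the buffer before it happens, so a
    truncated input raises ValueError instead of reading past the end.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_ec_private_key(der):
    """Parse ECPrivateKey: version, privateKey, [0] parameters?, [1] publicKey?"""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    tag, ver, pos = read_tlv(seq, 0)
    if tag != 0x02 or ver != b"\x01":
        raise ValueError("version must be ecPrivkeyVer1(1)")
    tag, priv, pos = read_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("privateKey must be an OCTET STRING")
    key = {"version": 1, "private_key": priv, "named_curve": None, "public_key": None}
    # Each optional field is recognised by its context-specific tag and
    # consumed only if present; either, both or neither may appear.
    if pos < len(seq) and seq[pos] == 0xA0:            # [0] parameters
        _, params, pos = read_tlv(seq, pos)
        ctag, oid, pend = read_tlv(params, 0)
        if ctag != 0x06 or pend != len(params):
            raise ValueError("parameters must be a single namedCurve OID")
        key["named_curve"] = oid
    if pos < len(seq) and seq[pos] == 0xA1:            # [1] publicKey
        _, pub, pos = read_tlv(seq, pos)
        ctag, bits, pend = read_tlv(pub, 0)
        if ctag != 0x03 or pend != len(pub) or not bits or bits[0] != 0:
            raise ValueError("publicKey must be a BIT STRING with no unused bits")
        key["public_key"] = bits[1:]
    if pos != len(seq):
        raise ValueError("unexpected trailing field in ECPrivateKey")
    return key


def build_ec_private_key(priv, named_curve_oid=None, public_key=None):
    """Encode an ECPrivateKey with any combination of the two optional fields."""
    body = tlv(0x02, b"\x01") + tlv(0x04, priv)
    if named_curve_oid is not None:
        body += tlv(0xA0, tlv(0x06, named_curve_oid))
    if public_key is not None:
        body += tlv(0xA1, tlv(0x03, b"\x00" + public_key))
    return tlv(0x30, body)


# Constructed sample values (not a real key): the secp256r1 OID
# 1.2.840.10045.3.1.7, a 32-byte scalar and an uncompressed-point placeholder.
SECP256R1_OID = bytes.fromhex("2A8648CE3D030107")
SAMPLE_PRIV = bytes(range(1, 33))
SAMPLE_PUB = b"\x04" + bytes(range(64))

VARIANTS = {
    "no optional fields": build_ec_private_key(SAMPLE_PRIV),
    "only parameters": build_ec_private_key(SAMPLE_PRIV, SECP256R1_OID),
    "only public key": build_ec_private_key(SAMPLE_PRIV, None, SAMPLE_PUB),
    "both": build_ec_private_key(SAMPLE_PRIV, SECP256R1_OID, SAMPLE_PUB),
}

if __name__ == "__main__":
    for name, der in VARIANTS.items():
        k = parse_ec_private_key(der)
        print(f"{name:20s} curve={k['named_curve'] is not None} "
              f"pub={k['public_key'] is not None}")
```

The parser never assumes a fixed field order beyond what the SEQUENCE definition fixes: after the two mandatory fields it peeks at the next tag and consumes [0] and then [1] only if they are present, which is exactly what a parser that rejected "only parameters" would have got wrong. The length check in read_tlv is also the kind of bounds check the other commits in this list add before reading a field from a binary buffer.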
Gilles Peskine
1dc8e81f47
Add ChangeLog entry
Fixes #1299. Fixes #1475.
2018-03-27 23:18:52 +02:00
Deomid Ryabkov
980fa5839e
Fix some test deps
* Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`.
* Version features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually.
Fixes https://github.com/ARMmbed/mbedtls/issues/1475
2018-03-27 23:18:13 +02:00
Andres Amaya Garcia
3b4d5c2f7f
Add ChangeLog entry for PBES2 when ASN1 disabled
2018-03-27 21:25:57 +01:00
Andres Amaya Garcia
e9ff785db9
Fix test dependencies of pkcs5 pbes2 on asn1 parse
2018-03-27 21:25:55 +01:00
Andres Amaya Garcia
24e8283309
Fix coding style in pkcs5.c preprocessor directives
2018-03-27 21:25:53 +01:00
Marcos Del Sol Vives
a1bc0e25b7
Compile PBES2 in PKCS5 only if ASN1 is enabled
2018-03-27 21:25:52 +01:00
Andres Amaya Garcia
28d97e1dfc
Fix shared library lookup on Mac OS X when running tests
2018-03-27 20:04:20 +01:00
Andres Amaya Garcia
504ac5c884
Make DLEXT var configurable in programs and tests makefiles
2018-03-27 20:04:18 +01:00